MISP
/
MISP
mirror of https://github.com/MISP/MISP
2
2
Fork 0
Code Issues Releases Wiki Activity

Merge branch '2.4' into develop

pull/7334/head
iglocska 2021-04-08 11:12:05 +02:00
parent 6708ef3131 a0f08501d2
commit c150dbfe6e
No known key found for this signature in database
GPG Key ID: BEA224F1FEF113AC
22 changed files with 1309 additions and 770 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1128
INSTALL/INSTALL.sh
View File

File diff suppressed because it is too large Load Diff

6
INSTALL/INSTALL.sh.sfv
View File

@ -1,5 +1,5 @@
; Generated by RHash v1.3.9 on 2021-03-25 at 12:56.17
; Generated by RHash v1.3.9 on 2021-04-07 at 14:14.40
; Written by Kravchenko Aleksey (Akademgorodok) - http://rhash.sf.net/
;
; 137691 12:56.17 2021-03-25 INSTALL.sh
INSTALL.sh 5694A8F77384677CA3DC84FB5A5F3C06D6FFF03F 5F3A9B04BEEE449E96F4A698F3FA497390E46E2AD1DBDDED37F54E29FED76221 ABCB35B681F9A5E3568A055465976EC0996C0CC2FD8A39384E05D90413D8300B7356AAE23A540912D7D9907BECCDCD9F 54712D3100DAF92EA6201D86941222F6877B772533D048C8F758332D9B45418B64AA767A0D78C8A39E491BE114F139FFEF5A2E0436EA8503AA593556E56C0992
; 161860 14:14.40 2021-04-07 INSTALL.sh
INSTALL.sh 799BE3C88392FFCD09F5BDD49BAB5FB83C0B8A5E 759BB387FE1C11FB8D95326342C7E71B9EEF1549EEA18977E497E5D1B7B6B528 D5EBD0EE0E7E2A4AE6F68063D9A2C581EEF340816C383E00534143AE8787F24F5CF3EF20029DFA8F05D6E4A4B8BF2DE8 3C20996CB15AFC65A8B2A743AF5244FDAC1D1652E338A20B91AF4F76B0B885F4E4C17096838F26BCC3A09E3BEF24F0C2D5B4DB5C19B692573EB1AA0013907689

2
INSTALL/INSTALL.sh.sha1
View File

@ -1 +1 @@
5694a8f77384677ca3dc84fb5a5f3c06d6fff03f INSTALL.sh
799be3c88392ffcd09f5bdd49bab5fb83c0b8a5e INSTALL.sh

2
INSTALL/INSTALL.sh.sha256
View File

@ -1 +1 @@
5f3a9b04beee449e96f4a698f3fa497390e46e2ad1dbdded37f54e29fed76221 INSTALL.sh
759bb387fe1c11fb8d95326342c7e71b9eef1549eea18977e497e5d1b7b6b528 INSTALL.sh

2
INSTALL/INSTALL.sh.sha384
View File

@ -1 +1 @@
abcb35b681f9a5e3568a055465976ec0996c0cc2fd8a39384e05d90413d8300b7356aae23a540912d7d9907beccdcd9f INSTALL.sh
d5ebd0ee0e7e2a4ae6f68063d9a2c581eef340816c383e00534143ae8787f24f5cf3ef20029dfa8f05d6e4a4b8bf2de8 INSTALL.sh

2
INSTALL/INSTALL.sh.sha512
View File

@ -1 +1 @@
54712d3100daf92ea6201d86941222f6877b772533d048c8f758332d9b45418b64aa767a0d78c8a39e491be114f139ffef5a2e0436ea8503aa593556e56c0992 INSTALL.sh
3c20996cb15afc65a8b2a743af5244fdac1d1652e338a20b91af4f76b0b885f4e4c17096838f26bcc3a09e3bef24f0c2d5b4db5c19b692573eb1aa0013907689 INSTALL.sh

159
INSTALL/INSTALL.tpl.sh
View File

@ -16,9 +16,12 @@
# 0/ Quick MISP Instance on Debian Based Linux - Status |
#-------------------------------------------------------|
#
# 20210401: Ubuntu 21.04 tested and working. -- sCl
# 20210401: Ubuntu 20.04.2 tested and working. -- sCl
# 20210401: Ubuntu 18.04.5 tested and working. -- sCl
# 20210406: CentOS 7.9 tested and working. -- sCl
# 20210406: CentOS 8 tested and working. -- sCl
# 20210406: CentOS Stream tested and working. -- sCl
# 20210406: Ubuntu 21.04 tested and working. -- sCl
# 20210406: Ubuntu 20.04.2 tested and working. -- sCl
# 20210406: Ubuntu 18.04.5 tested and working. -- sCl
# 20210331: Kali Linux 2021.1 tested and working. -- sCl
#
#
@ -73,6 +76,7 @@
## 0_apt-upgrade.sh ##
## 0_sudoKeeper.sh ##
## 0_installCoreDeps.sh ##
## 0_upgradePhp74.sh ##
## 0_installDepsPhp74.sh ##
## 0_installDepsPhp73.sh ##
## 0_installDepsPhp72.sh ##
@ -95,16 +99,24 @@
## 6_ssdeep.sh ##
## 6_viper.sh ##
## 0_RHEL_SCL.sh ##
## 0_RHEL_register.sh ##
## 0_RHEL7_SCL.sh ##
## 0_RHEL8_SCL.sh ##
## 0_RHEL7_EPEL.sh ##
## 0_CentOS_EPEL.sh ##
## 0_RHEL_EPEL.sh ##
## 0_yumInstallCoreDeps.sh ##
## 1_mispCoreInstall_RHEL.sh ##
## 0_EPEL_REMI.sh ##
## 0_yumInstallCoreDeps7.sh ##
## 0_yumInstallCoreDeps8.sh ##
## 0_yumInstallHaveged.sh ##
## 1_mispCoreInstall_RHEL7.sh ##
## 1_mispCoreInstall_RHEL8.sh ##
## 1_installCake_RHEL.sh ##
## 1_prepareDB_RHEL.sh ##
## 1_apacheConfig_RHEL.sh ##
## 1_apacheConfig_RHEL7.sh ##
## 1_apacheConfig_RHEL8.sh ##
## 1_firewall_RHEL.sh ##
## 2_permissions_RHEL.sh ##
## 2_permissions_RHEL7.sh ##
## 2_permissions_RHEL8.sh ##
## 2_logRotation_RHEL.sh ##
## 2_configMISP_RHEL.sh ##
## 3_configWorkers_RHEL.sh ##
@ -167,6 +179,7 @@ generateInstaller () {
perl -pe 's/^## 0_apt-upgrade.sh ##/`cat 0_apt-upgrade.sh`/ge' -i INSTALL.tpl.sh
perl -pe 's/^## 0_sudoKeeper.sh ##/`cat 0_sudoKeeper.sh`/ge' -i INSTALL.tpl.sh
perl -pe 's/^## 0_installCoreDeps.sh ##/`cat 0_installCoreDeps.sh`/ge' -i INSTALL.tpl.sh
perl -pe 's/^## 0_upgradePhp74.sh ##/`cat 0_upgradePhp74.sh`/ge' -i INSTALL.tpl.sh
perl -pe 's/^## 0_installDepsPhp74.sh ##/`cat 0_installDepsPhp74.sh`/ge' -i INSTALL.tpl.sh
perl -pe 's/^## 0_installDepsPhp73.sh ##/`cat 0_installDepsPhp73.sh`/ge' -i INSTALL.tpl.sh
perl -pe 's/^## 0_installDepsPhp72.sh ##/`cat 0_installDepsPhp72.sh`/ge' -i INSTALL.tpl.sh
@ -190,15 +203,23 @@ generateInstaller () {
perl -pe 's/^## 6_viper.sh ##/`cat 6_viper.sh`/ge' -i INSTALL.tpl.sh
perl -pe 's/^## 6_ssdeep.sh ##/`cat 6_ssdeep.sh`/ge' -i INSTALL.tpl.sh
perl -pe 's/^## 0_RHEL_SCL.sh ##/`cat 0_RHEL_SCL.sh`/ge' -i INSTALL.tpl.sh
perl -pe 's/^## 0_RHEL_register.sh ##/`cat 0_RHEL_register.sh`/ge' -i INSTALL.tpl.sh
perl -pe 's/^## 0_RHEL7_SCL.sh ##/`cat 0_RHEL7_SCL.sh`/ge' -i INSTALL.tpl.sh
perl -pe 's/^## 0_RHEL8_SCL.sh ##/`cat 0_RHEL8_SCL.sh`/ge' -i INSTALL.tpl.sh
perl -pe 's/^## 0_CentOS_EPEL.sh ##/`cat 0_CentOS_EPEL.sh`/ge' -i INSTALL.tpl.sh
perl -pe 's/^## 0_RHEL_EPEL.sh ##/`cat 0_RHEL_EPEL.sh`/ge' -i INSTALL.tpl.sh
perl -pe 's/^## 0_yumInstallCoreDeps.sh ##/`cat 0_yumInstallCoreDeps.sh`/ge' -i INSTALL.tpl.sh
perl -pe 's/^## 1_mispCoreInstall_RHEL.sh ##/`cat 1_mispCoreInstall_RHEL.sh`/ge' -i INSTALL.tpl.sh
perl -pe 's/^## 0_RHEL7_EPEL.sh ##/`cat 0_RHEL7_EPEL.sh`/ge' -i INSTALL.tpl.sh
perl -pe 's/^## 0_yumInstallCoreDeps7.sh ##/`cat 0_yumInstallCoreDeps7.sh`/ge' -i INSTALL.tpl.sh
perl -pe 's/^## 0_yumInstallCoreDeps8.sh ##/`cat 0_yumInstallCoreDeps8.sh`/ge' -i INSTALL.tpl.sh
perl -pe 's/^## 0_yumInstallHaveged.sh ##/`cat 0_yumInstallHaveged.sh`/ge' -i INSTALL.tpl.sh
perl -pe 's/^## 1_mispCoreInstall_RHEL7.sh ##/`cat 1_mispCoreInstall_RHEL7.sh`/ge' -i INSTALL.tpl.sh
perl -pe 's/^## 1_mispCoreInstall_RHEL8.sh ##/`cat 1_mispCoreInstall_RHEL8.sh`/ge' -i INSTALL.tpl.sh
perl -pe 's/^## 0_EPEL_REMI.sh ##/`cat 0_EPEL_REMI.sh`/ge' -i INSTALL.tpl.sh
perl -pe 's/^## 1_installCake_RHEL.sh ##/`cat 1_installCake_RHEL.sh`/ge' -i INSTALL.tpl.sh
perl -pe 's/^## 2_permissions_RHEL.sh ##/`cat 2_permissions_RHEL.sh`/ge' -i INSTALL.tpl.sh
perl -pe 's/^## 2_permissions_RHEL7.sh ##/`cat 2_permissions_RHEL7.sh`/ge' -i INSTALL.tpl.sh
perl -pe 's/^## 2_permissions_RHEL8.sh ##/`cat 2_permissions_RHEL8.sh`/ge' -i INSTALL.tpl.sh
perl -pe 's/^## 1_prepareDB_RHEL.sh ##/`cat 1_prepareDB_RHEL.sh`/ge' -i INSTALL.tpl.sh
perl -pe 's/^## 1_apacheConfig_RHEL.sh ##/`cat 1_apacheConfig_RHEL.sh`/ge' -i INSTALL.tpl.sh
perl -pe 's/^## 1_apacheConfig_RHEL7.sh ##/`cat 1_apacheConfig_RHEL7.sh`/ge' -i INSTALL.tpl.sh
perl -pe 's/^## 1_apacheConfig_RHEL8.sh ##/`cat 1_apacheConfig_RHEL8.sh`/ge' -i INSTALL.tpl.sh
perl -pe 's/^## 1_firewall_RHEL.sh ##/`cat 1_firewall_RHEL.sh`/ge' -i INSTALL.tpl.sh
perl -pe 's/^## 2_logRotation_RHEL.sh ##/`cat 2_logRotation_RHEL.sh`/ge' -i INSTALL.tpl.sh
perl -pe 's/^## 2_configMISP_RHEL.sh ##/`cat 2_configMISP_RHEL.sh`/ge' -i INSTALL.tpl.sh
@ -342,10 +363,6 @@ installSupported () {
[[ -n $CORE ]] || [[ -n $ALL ]] && coreCAKE
progress 4
# Update Galaxies, Template Objects, Warning Lists, Notice Lists, Taxonomies - functionLocation('generic/MISP_CAKE_init.md')
[[ -n $CORE ]] || [[ -n $ALL ]] && updateGOWNT
progress 4
# Disable spinner
#(kill $SPIN_PID 2>&1) >/dev/null
@ -363,6 +380,14 @@ installSupported () {
[[ -n $MODULES ]] || [[ -n $ALL ]] && mispmodules
progress 4
# Update Galaxies, Template Objects, Warning Lists, Notice Lists, Taxonomies - functionLocation('generic/MISP_CAKE_init.md')
[[ -n $CORE ]] || [[ -n $ALL ]] && updateGOWNT
progress 4
# Install misp-modules - functionLocation('generic/misp-modules-cake.md')
[[ -n $MODULES ]] || [[ -n $ALL ]] && modulesCAKE
progress 4
# Install Viper - functionLocation('generic/viper-debian.md')
## FIXME: The current state of Viper is broken, disabling any use.
##[[ -n $VIPER ]] || [[ -n $ALL ]] && viper
@ -627,6 +652,7 @@ installMISPonKali () {
debug "Installing misp-modules"
mispmodules
modulesCAKE
## FIXME: The current state of Viper is broken, disabling any use.
##debug "Installing Viper"
@ -655,43 +681,80 @@ installMISPRHEL () {
space
echo "Proceeding with MISP core installation on RHEL ${dist_version}"
space
id -u "${MISP_USER}" > /dev/null
if [[ $? -eq 1 ]]; then
debug "Creating MISP user"
sudo useradd -r "${MISP_USER}"
sudo useradd -G wheel -m "${MISP_USER}"
fi
debug "Enabling Extras Repos (SCL)"
if [[ "${DISTRI}" == "rhel7" ]]; then
sudo subscription-manager register --auto-attach
enableReposRHEL
enableEPEL
else # CentOS
centosEPEL
# Register system if RHEL
if [[ "${DISTRI}" =~ ^[rhel].* ]]; then
registerRHEL
fi
debug "Installing System Dependencies"
yumInstallCoreDeps
debug "Enabling Extras Repos (SCL)"
if [[ "${DISTRI}" == "rhel7" ]]; then
enableReposRHEL7
enableEPEL
debug "Installing System Dependencies"
yumInstallCoreDeps7
installEntropyRHEL
debug "Installing MISP code"
installCoreRHEL7
debug "Install Cake PHP"
installCake_RHEL
debug "Setting File permissions"
permissions_RHEL7
debug "Preparing Database"
prepareDB_RHEL
apacheConfig_RHEL7
fi
if [[ "${DISTRI}" == "fedora33" ]]; then
enableREMI_f33
yumInstallCoreDeps8
installEntropyRHEL
installCoreRHEL8
installCake_RHEL
permissions_RHEL8
prepareDB_RHEL
debug "Configuring Apache"
apacheConfig_RHEL8
fi
if [[ "${DIST_VER}" =~ ^[8].* ]]; then
enableEPEL_REMI_8
enableOptionalRHEL8
yumInstallCoreDeps8
installCoreRHEL8
installCake_RHEL
permissions_RHEL8
prepareDB_RHEL
apacheConfig_RHEL8
fi
if [[ "${DISTRI}" == "centos7" ]]; then
centosEPEL
debug "Installing MISP code"
debug "Installing System Dependencies"
yumInstallCoreDeps7
installEntropyRHEL
installCoreRHEL7
debug "Install Cake PHP"
installCake_RHEL
debug "Setting File permissions"
permissions_RHEL7
debug "Preparing Database"
prepareDB_RHEL
debug "Configuring Apache"
apacheConfig_RHEL7
fi
debug "Enabling Haveged for additional entropy"
sudo yum install haveged -y
sudo systemctl enable --now haveged.service
debug "Installing MISP code"
installCoreRHEL
debug "Install Cake PHP"
installCake_RHEL
debug "Setting File permissions"
permissions_RHEL
debug "Preparing Database"
prepareDB_RHEL
debug "Configuring Apache"
apacheConfig_RHEL
debug "Setting up firewall"
firewall_RHEL
@ -720,6 +783,9 @@ installMISPRHEL () {
space
mispmodulesRHEL
# Another sleep to avoid RC
sleep 3
modulesCAKE
echo "MISP modules installation finished."
fi
@ -823,7 +889,8 @@ if [[ "${FLAVOUR}" == "ubuntu" ]]; then
if [[ "${RELEASE}" == "18.04" ]]; then
echo "Install on Ubuntu 18.04 LTS fully supported."
echo "Please report bugs/issues here: https://github.com/MISP/MISP/issues"
installSupported && exit || exit
upgradeToPHP74
installSupported PHP="7.4" && exit || exit
fi
if [[ "${RELEASE}" == "20.04" ]]; then
echo "Install on Ubuntu 20.04 LTS fully supported."

1
app/Controller/AttributesController.php
View File

@ -1124,7 +1124,6 @@ class AttributesController extends AppController
throw new MethodNotAllowedException();
}
if ($this->Attribute->restore($id, $this->Auth->user())) {
$this->Attribute->__alterAttributeCount($this->data['Attribute']['event_id']);
$this->redirect(array('action' => 'view', $id));
} else {
throw new NotFoundException(__('Could not restore the attribute'));

1
app/Model/Attribute.php
View File

@ -3557,6 +3557,7 @@ class Attribute extends AppModel
$attribute['Event']['published'] = 0;
$attribute['Event']['timestamp'] = $date->getTimestamp();
$this->Event->save($attribute['Event']);
$this->__alterAttributeCount($attribute['Event']['id']);
return true;
} else {
return 'Could not save changes.';

27
app/Model/MispObject.php
View File

@ -964,6 +964,31 @@ class MispObject extends AppModel
public function editObject($object, $eventId, $user, $log, $force = false, &$nothingToChange = false)
{
$object['event_id'] = $eventId;
if (isset($object['distribution']) && $object['distribution'] == 4) {
if (!empty($object['SharingGroup'])) {
$object['sharing_group_id'] = $this->SharingGroup->captureSG($object['SharingGroup'], $user);
} elseif (!empty($object['sharing_group_id'])) {
if (!$this->SharingGroup->checkIfAuthorised($user, $object['sharing_group_id'])) {
unset($object['sharing_group_id']);
}
}
if (empty($object['sharing_group_id'])) {
$object_short = (isset($object['meta-category']) ? $object['meta-category'] : 'N/A') . '/' . (isset($object['name']) ? $object['name'] : 'N/A') . ' ' . (isset($object['uuid']) ? $object['uuid'] : 'N/A');
$this->Log = ClassRegistry::init('Log');
$this->Log->create();
$this->Log->save(array(
'org' => $user['Organisation']['name'],
'model' => 'MispObject',
'model_id' => 0,
'email' => $user['email'],
'action' => 'edit',
'user_id' => $user['id'],
'title' => 'Object dropped due to invalid sharing group for Event ' . $eventId . ' failed: ' . $object_short,
'change' => 'Validation errors: ' . json_encode($this->validationErrors) . ' Full Object: ' . json_encode($object),
));
return 'Invalid sharing group choice.';
}
}
if (isset($object['uuid'])) {
$existingObject = $this->find('first', array(
'recursive' => -1,
@ -976,7 +1001,7 @@ class MispObject extends AppModel
$log->create();
$log->save(array(
'org' => $user['Organisation']['name'],
'model' => 'Object',
'model' => 'MispObject',
'model_id' => 0,
'email' => $user['email'],
'action' => 'edit',

30
app/files/feed-metadata/defaults.json
View File

@ -1518,7 +1518,35 @@
"exportable": true,
"hide_tag": false
}
}
},
{
"Feed": {
"name": "Threatfox",
"provider": "Abuse.ch",
"url": "https:\/\/threatfox.abuse.ch\/downloads\/misp\/",
"rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]},\"url_params\":\"\"}",
"enabled": true,
"distribution": "0",
"sharing_group_id": "0",
"tag_id": "0",
"default": false,
"source_format": "misp",
"fixed_event": true,
"delta_merge": false,
"event_id": "0",
"publish": false,
"override_ids": false,
"settings": "{\"csv\":{\"value\":\"\",\"delimiter\":\",\"},\"common\":{\"excluderegex\":\"\"}}",
"input_source": "network",
"delete_local_file": false,
"lookup_visible": true,
"headers": "",
"caching_enabled": false,
"force_to_ids": false,
"orgc_id": "0",
"cached_elements": 0,
"coverage_by_other_feeds": "0%"
},
{
"Feed": {
"name": "Threatfox",

123
docs/INSTALL.rhel7.md
View File

@ -4,28 +4,10 @@
### -2/ RHEL7/CentOS7 - status
-------------------------
!!! notice
MISP-core and misp-modules Tested working by [@SteveClement](https://twitter.com/SteveClement) on 20210326
Tested fully working without SELinux by [@SteveClement](https://twitter.com/SteveClement) on 20210401
TODO: Fix SELinux permissions, *pull-requests welcome*.
!!! notice
This document also serves as a source for the [INSTALL-misp.sh](https://github.com/MISP/MISP/blob/2.4/INSTALL/INSTALL.sh) script.
Which explains why you will see the use of shell *functions* in various steps.
Henceforth the document will also follow a more logical flow. In the sense that all the dependencies are installed first then config files are generated, etc...
### -1/ Installer and Manual install instructions
!!! warning
In the **future**, to install MISP on a fresh RHEL 7 install all you need to do is:
```bash
# Please check the installer options first to make the best choice for your install
wget -O /tmp/INSTALL.sh https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.sh
bash /tmp/INSTALL.sh
# This will install MISP Core
wget -O /tmp/INSTALL.sh https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.sh
bash /tmp/INSTALL.sh -c
```
**The above does NOT fully work yet**
{!generic/manual-install-notes.md!}
!!! notice
If the next line is `[!generic/community.md!]()` [click here](https://misp.github.io/MISP/INSTALL.rhel7/).
@ -47,7 +29,6 @@
{!generic/manual-install-notes.md!}
This document details the steps to install MISP on Red Hat Enterprise Linux 7.x (RHEL 7.x) and CentOS 7.x.
At time of this writing it was tested on versions 7.6 for both.
This is a joint RHEL/CentOS install guide. The authors tried to make it contextually evident what applies to which flavor.
The following assumptions with regard to this installation have been made.
@ -84,7 +65,9 @@ sudo hostnamectl set-hostname misp.local # Your choice, in a production environm
## 1.3/ **[RHEL]** Register the system for updates with Red Hat Subscription Manager
```bash
# <snippet-begin 0_RHEL_register.sh>
sudo subscription-manager register --auto-attach # register your system to an account and attach to a current subscription
registerRHEL () {
sudo subscription-manager register --auto-attach # register your system to an account and attach to a current subscription
}
# <snippet-end 0_RHEL_register.sh>
```
@ -104,13 +87,14 @@ enableReposRHEL7 () {
# <snippet-begin 0_CentOS_EPEL.sh>
centosEPEL () {
# We need some packages from the Extra Packages for Enterprise Linux repository
sudo yum install epel-release -y
sudo yum install dnf -y
sudo dnf install epel-release -y
# Since MISP 2.4 PHP 5.5 is a minimal requirement, so we need a newer version than CentOS base provides
# Software Collections is a way do to this, see https://wiki.centos.org/AdditionalResources/Repositories/SCL
sudo yum install centos-release-scl -y
sudo yum install yum-utils -y
sudo yum install http://rpms.remirepo.net/enterprise/remi-release-7.rpm -y
sudo dnf install centos-release-scl -y
sudo dnf install yum-utils -y
sudo dnf install http://rpms.remirepo.net/enterprise/remi-release-7.rpm -y
sudo yum-config-manager --enable remi-php74
}
# <snippet-end 0_CentOS_EPEL.sh>
@ -118,20 +102,20 @@ centosEPEL () {
## 1.5a/ Install the deltarpm package to help reduce download size when installing updates (optional)
```bash
sudo yum install deltarpm -y
sudo dnf install deltarpm -y
```
## 1.5.b/ Install vim (optional)
```bash
# Because (neo)vim is just so practical
sudo yum install neovim -y
# For RHEL, it's vim
sudo dnf install neovim -y
# For RHEL, it's vim and after enabling epel neovim is available too
```
## 1.5.c/ Install ntpdate (optional)
```bash
# In case you time is wrong, this will fix it.
sudo yum install ntpdate -y
sudo dnf install ntpdate -y
sudo ntpdate pool.ntp.org
```
@ -139,7 +123,7 @@ sudo ntpdate pool.ntp.org
```bash
# <snippet-begin 0_yum-update.sh>
yumUpdate () {
sudo yum update -y
sudo dnf update -y
}
# <snippet-end 0_yum-update.sh>
```
@ -148,9 +132,10 @@ yumUpdate () {
```bash
# <snippet-begin 0_RHEL7_EPEL.sh>
enableEPEL () {
sudo yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm -y
sudo yum install http://rpms.remirepo.net/enterprise/remi-release-7.rpm -y
sudo yum install yum-utils -y
sudo yum install dnf -y
sudo dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm -y
sudo dnf install http://rpms.remirepo.net/enterprise/remi-release-7.rpm -y
sudo dnf install yum-utils policycoreutils-python -y
sudo yum-config-manager --enable remi-php74
}
# <snippet-end 0_RHEL7_EPEL.sh>
@ -159,19 +144,19 @@ enableEPEL () {
### 2/ Dependencies
!!! note
This guide installs PHP 7.4 from Remi's Repo
This guide installs PHP 7.4 from Remi's repo
!!! warning
[PHP 5.6 and 7.0 aren't supported since December 2018](https://secure.php.net/supported-versions.php). Please update accordingly. In the future only PHP7 will be supported.
## 2.01/ Install some base system dependencies
```bash
# <snippet-begin 0_yumInstallCoreDeps.sh>
yumInstallCoreDeps () {
# <snippet-begin 0_yumInstallCoreDeps7.sh>
yumInstallCoreDeps7 () {
# Install the dependencies:
PHP_BASE="/etc/"
PHP_INI="/etc/php.ini"
sudo yum install gcc git zip \
sudo dnf install gcc git zip unzip \
mod_ssl \
redis \
libxslt-devel zlib-devel ssdeep-devel -y
@ -180,15 +165,12 @@ yumInstallCoreDeps () {
sudo systemctl enable --now redis.service
# Install MariaDB
sudo yum install wget -y
wget https://downloads.mariadb.com/MariaDB/mariadb_repo_setup
chmod +x mariadb_repo_setup
sudo ./mariadb_repo_setup
rm mariadb_repo_setup
sudo yum install MariaDB-server -y
sudo dnf install wget -y
wget https://downloads.mariadb.com/MariaDB/mariadb_repo_setup && chmod +x mariadb_repo_setup && sudo ./mariadb_repo_setup && rm mariadb_repo_setup
sudo dnf install MariaDB-server -y
# Install PHP 7.4 from Remi's repo, see https://rpms.remirepo.net/enterprise/7/php74/x86_64/repoview/
sudo yum install php php-fpm php-devel \
sudo dnf install php php-fpm php-devel \
php-mysqlnd \
php-mbstring \
php-xml \
@ -204,19 +186,21 @@ yumInstallCoreDeps () {
[[ ! -e "/usr/bin/php" ]] && sudo ln -s /usr/bin/php74 /usr/bin/php
# Python 3.6 is now available in RHEL 7.7 base
sudo yum install python3 python3-devel -y
sudo dnf install python3 python3-devel python3-virtualenv -y
sudo systemctl enable --now php-fpm.service
}
# <snippet-end 0_yumInstallCoreDeps.sh>
# <snippet-end 0_yumInstallCoreDeps7.sh>
```
```bash
# <snippet-begin 0_yumInstallHaveged.sh>
# GPG needs lots of entropy, haveged provides entropy
# /!\ Only do this if you're not running rngd to provide randomness and your kernel randomness is not sufficient.
sudo yum install haveged -y
sudo systemctl enable --now haveged.service
installEntropyRHEL () {
# GPG needs lots of entropy, haveged provides entropy
# /!\ Only do this if you're not running rngd to provide randomness and your kernel randomness is not sufficient.
sudo dnf install haveged -y
sudo systemctl enable --now haveged.service
}
# <snippet-end 0_yumInstallHaveged.sh>
```
@ -232,11 +216,6 @@ installCoreRHEL7 () {
cd $(dirname $PATH_TO_MISP)
$SUDO_WWW git clone https://github.com/MISP/MISP.git
cd $PATH_TO_MISP
##$SUDO_WWW git checkout tags/$(git describe --tags `git rev-list --tags --max-count=1`)
# if the last shortcut doesn't work, specify the latest version manually
# example: git checkout tags/v2.4.XY
# the message regarding a "detached HEAD state" is expected behaviour
# (you only have to create a new branch, if you want to change stuff and do a pull request for example)
# Fetch submodules
$SUDO_WWW git submodule update --init --recursive
@ -246,7 +225,8 @@ installCoreRHEL7 () {
$SUDO_WWW git config core.filemode false
# Create a python3 virtualenv
sudo pip3 install virtualenv
[[ -e $(which virtualenv-3 2>/dev/null) ]] && $SUDO_WWW virtualenv-3 -p python3 $PATH_TO_MISP/venv
[[ -e $(which virtualenv 2>/dev/null) ]] && $SUDO_WWW virtualenv -p python3 $PATH_TO_MISP/venv
$SUDO_WWW python3 -m venv $PATH_TO_MISP/venv
sudo mkdir /usr/share/httpd/.cache
sudo chown $WWW_USER:$WWW_USER /usr/share/httpd/.cache
@ -255,7 +235,6 @@ installCoreRHEL7 () {
cd $PATH_TO_MISP/app/files/scripts
$SUDO_WWW git clone https://github.com/CybOXProject/python-cybox.git
$SUDO_WWW git clone https://github.com/STIXProject/python-stix.git
##$SUDO_WWW git clone --branch master --single-branch https://github.com/lief-project/LIEF.git lief
$SUDO_WWW git clone https://github.com/CybOXProject/mixbox.git
# If you umask is has been changed from the default, it is a good idea to reset it to 0022 before installing python modules
@ -297,7 +276,7 @@ installCoreRHEL7 () {
# FIXME: Remove libfaup etc once the egg has the library baked-in
# BROKEN: This needs to be tested on RHEL/CentOS
sudo yum install libcaca-devel cmake3 -y
sudo dnf install libcaca-devel cmake3 -y
cd /tmp
[[ ! -d "faup" ]] && $SUDO_CMD git clone https://github.com/stricaud/faup.git faup
[[ ! -d "gtcaca" ]] && $SUDO_CMD git clone https://github.com/stricaud/gtcaca.git gtcaca
@ -340,15 +319,9 @@ installCake_RHEL ()
sudo mkdir /usr/share/httpd/.composer
sudo chown $WWW_USER:$WWW_USER /usr/share/httpd/.composer
cd $PATH_TO_MISP/app
# Update composer.phar (optional)
#EXPECTED_SIGNATURE="$(wget -q -O - https://composer.github.io/installer.sig)"
#$SUDO_WWW php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
#$SUDO_WWW php -r "if (hash_file('SHA384', 'composer-setup.php') === '$EXPECTED_SIGNATURE') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"
#$SUDO_WWW php composer-setup.php
#$SUDO_WWW php -r "unlink('composer-setup.php');"
$SUDO_WWW php composer.phar install
sudo yum install php-pecl-redis php-pecl-ssdeep php-pecl-gnupg -y
sudo dnf install php-pecl-redis php-pecl-ssdeep php-pecl-gnupg -y
sudo systemctl restart php-fpm.service
@ -449,8 +422,8 @@ prepareDB_RHEL () {
If it is disabled, you can ignore the **chcon/setsebool/semanage/checkmodule/semodule*** commands.
```bash
# <snippet-begin 1_apacheConfig_RHEL.sh>
apacheConfig_RHEL () {
# <snippet-begin 1_apacheConfig_RHEL7.sh>
apacheConfig_RHEL7 () {
# Now configure your apache server with the DocumentRoot $PATH_TO_MISP/app/webroot/
# A sample vhost can be found in $PATH_TO_MISP/INSTALL/apache.misp.centos7
@ -497,7 +470,7 @@ apacheConfig_RHEL () {
sudo chcon -R -t httpd_sys_rw_content_t $PATH_TO_MISP/app/webroot/img/custom
sudo chcon -R -t httpd_sys_rw_content_t $PATH_TO_MISP/app/files/scripts/mispzmq
}
# <snippet-end 1_apacheConfig_RHEL.sh>
# <snippet-end 1_apacheConfig_RHEL7.sh>
```
!!! warning
@ -694,13 +667,8 @@ configWorkersRHEL () {
{!generic/recommended.actions.md!}
### 11/ LIEF Installation
*lief* is required for the Advanced Attachment Handler and requires manual compilation
The installation is explained in section **[3.01](https://misp.github.io/MISP/INSTALL.rhel7/#301-download-misp-code-using-git-in-varwww-directory)**
### 12/ Known Issues
## 12.01/ Workers cannot be started or restarted from the web page
### 11/ Known Issues
## 11.01/ Workers cannot be started or restarted from the web page
Possible also due to package being installed via SCL, attempting to start workers through the web page will result in error. Worker's can be restarted via the CLI using the following command.
```bash
systemctl restart misp-workers.service
@ -711,3 +679,4 @@ systemctl restart misp-workers.service
via this guide and will need additional investigation.
{!generic/hardening.md!}

86
docs/INSTALL.rhel8.md
View File

@ -7,26 +7,7 @@
Tested fully working without SELinux by [@SteveClement](https://twitter.com/SteveClement) on 20210401
TODO: Fix SELinux permissions, *pull-requests welcome*.
!!! notice
This document also serves as a source for the [INSTALL-misp.sh](https://github.com/MISP/MISP/blob/2.4/INSTALL/INSTALL.sh) script.
Which explains why you will see the use of shell *functions* in various steps.
Henceforth the document will also follow a more logical flow. In the sense that all the dependencies are installed first then config files are generated, etc...
### -1/ Installer and Manual install instructions
!!! warning
In the **future**, to install MISP on a fresh RHEL 8 or CentOS 8 install all you need to do is:
```bash
# Please check the installer options first to make the best choice for your install
wget -O /tmp/INSTALL.sh https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.sh
bash /tmp/INSTALL.sh
# This will install MISP Core
wget -O /tmp/INSTALL.sh https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.sh
bash /tmp/INSTALL.sh -c
```
**The above does NOT work yet**
{!generic/manual-install-notes.md!}
!!! notice
If the next line is `[!generic/community.md!]()` [click here](https://misp.github.io/MISP/INSTALL.rhel8/).
@ -38,7 +19,7 @@
{!generic/rhelVScentos.md!}
!!! warning
The core MISP team cannot verify if this guide is working or not. Please help us in keeping it up to date and accurate.
The core MISP team cannot easily verify if this guide is working or not. Please help us in keeping it up to date and accurate.
Thus we also have difficulties in supporting RHEL issues but will do a best effort on a similar yet slightly different setup.
!!! notice
@ -48,7 +29,6 @@
{!generic/manual-install-notes.md!}
This document details the steps to install MISP on Red Hat Enterprise Linux 8.x (RHEL 8.x) and CentOS 8.x.
At time of this writing it was tested on versions 8.0 for RHEL.
This is a joint RHEL/CentOS install guide. The authors tried to make it contextually evident what applies to which flavor.
The following assumptions with regard to this installation have been made.
@ -83,7 +63,6 @@ sudo hostnamectl set-hostname misp.local # Your choice, in a production environm
```
## 1.3/ **[RHEL]** Register the system for updates with Red Hat Subscription Manager
Can be skipped if the Machine has been registered during install phase.
```bash
# <snippet-begin 0_RHEL_register.sh>
registerRHEL () {
@ -94,15 +73,15 @@ registerRHEL () {
## 1.4/ **[RHEL]** Enable the optional repos (obsolete in v8)
```bash
# <snippet-begin 0_RHEL_SCL.sh>
# <snippet-begin 0_RHEL8_SCL.sh>
enableOptionalRHEL8 () {
sudo subscription-manager refresh
sudo subscription-manager refresh
# The following is needed for -devel repos and ONLY for misp-modules, ignore if not needed
sudo subscription-manager repos --enable codeready-builder-for-rhel-8-x86_64-rpms
# Software Collections is available for Red Hat Enterprise Linux 7 and previous supported releases. Starting with Red Hat Enterprise Linux 8, the content traditionally consumed via Software Collections is now part of Application Streams. Please see the Application Streams Life Cycle documentation for that release. Source: https://access.redhat.com/support/policy/updates/rhscl
}
# <snippet-end 0_RHEL_SCL.sh>
# <snippet-end 0_RHEL8_SCL.sh>
```
## 1.5a/ Install the deltarpm package to help reduce download size when installing updates (optional)
@ -110,6 +89,20 @@ enableOptionalRHEL8 () {
sudo dnf install drpm -y
```
## 1.5.b/ Install vim (optional)
```bash
# Because (neo)vim is just so practical
sudo dnf install neovim -y
# For RHEL, it's vim and after enabling epel neovim is available too
```
## 1.5.c/ Install ntpdate (optional)
```bash
# In case you time is wrong, this will fix it.
sudo dnf install ntpdate -y
sudo ntpdate pool.ntp.org
```
## 1.5/ Update the system and reboot
```bash
# <snippet-begin 0_yum-update.sh>
@ -149,13 +142,13 @@ enableREMI_f33 () {
## 2.01/ Install some base system dependencies
```bash
# <snippet-begin 0_yumInstallCoreDeps.sh>
yumInstallCoreDeps () {
# <snippet-begin 0_yumInstallCoreDeps8.sh>
yumInstallCoreDeps8 () {
# Install the dependencies:
PHP_BASE="/etc/"
PHP_INI="/etc/php.ini"
sudo dnf install @httpd -y
sudo dnf install gcc git zip \
sudo dnf install gcc git zip unzip \
httpd \
mod_ssl \
redis \
@ -164,6 +157,7 @@ yumInstallCoreDeps () {
python3-devel python3-pip python3-virtualenv \
python3-policycoreutils \
policycoreutils-python-utils \
langpacks-en glibc-all-langpacks \
libxslt-devel zlib-devel ssdeep-devel -y
sudo alternatives --set python /usr/bin/python3
@ -185,8 +179,10 @@ yumInstallCoreDeps () {
# cake has php baked in, thus we link to it if necessary.
[[ ! -e "/usr/bin/php" ]] && sudo ln -s /usr/bin/php74 /usr/bin/php
sudo systemctl enable --now php-fpm.service
}
# <snippet-end 0_yumInstallCoreDeps.sh>
# <snippet-end 0_yumInstallCoreDeps8.sh>
```
```bash
@ -200,20 +196,11 @@ installEntropyRHEL () {
# <snippet-end 0_yumInstallHaveged.sh>
```
!!! notice
MISP 2.4 requires PHP 5.6 as a minimum, we need a higher version than base RHEL provides.<br />
This guide installs PHP 7.4
## 2.05/ Start the PHP FPM service and enable to start on boot
```bash
sudo systemctl enable --now php-fpm.service
```
### 3/ MISP code
## 3.01/ Download MISP code using git in /var/www/ directory
```bash
# <snippet-begin 1_mispCoreInstall_RHEL.sh>
# <snippet-begin 1_mispCoreInstall_RHEL8.sh>
compileLiefRHEL8 () {
cd $PATH_TO_MISP/app/files/scripts
$SUDO_WWW git clone --branch master --single-branch https://github.com/lief-project/LIEF.git lief
@ -350,7 +337,7 @@ installCoreRHEL8 () {
sudo systemctl restart php-fpm.service
}
# <snippet-end 1_mispCoreInstall_RHEL.sh>
# <snippet-end 1_mispCoreInstall_RHEL8.sh>
```
### 4/ CakePHP
@ -361,17 +348,12 @@ installCoreRHEL8 () {
```bash
# <snippet-begin 1_installCake_RHEL.sh>
installCake_RHEL8 ()
installCake_RHEL ()
{
sudo chown -R $WWW_USER:$WWW_USER $PATH_TO_MISP
sudo mkdir /usr/share/httpd/.composer
sudo chown $WWW_USER:$WWW_USER /usr/share/httpd/.composer
cd $PATH_TO_MISP/app
# Update composer.phar (optional)
#$SUDO_WWW php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
#$SUDO_WWW php -r "if (hash_file('SHA384', 'composer-setup.php') === 'baf1608c33254d00611ac1705c1d9958c817a1a33bce370c0595974b342601bd80b92a3f46067da89e3b06bff421f182') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"
#$SUDO_WWW php composer-setup.php
#$SUDO_WWW php -r "unlink('composer-setup.php');"
$SUDO_WWW php composer.phar install
sudo dnf install php-pecl-redis php-pecl-ssdeep php-pecl-gnupg -y
@ -403,7 +385,7 @@ installCake_RHEL8 ()
### 5/ Set file permissions
```bash
# <snippet-begin 2_permissions_RHEL.sh>
# <snippet-begin 2_permissions_RHEL8.sh>
# Main function to fix permissions to something sane
permissions_RHEL8 () {
sudo chown -R $WWW_USER:$WWW_USER $PATH_TO_MISP
@ -426,7 +408,7 @@ permissions_RHEL8 () {
sudo chown -R $WWW_USER:$WWW_USER $PATH_TO_MISP/app/webroot/img/orgs
sudo chown -R $WWW_USER:$WWW_USER $PATH_TO_MISP/app/webroot/img/custom
}
# <snippet-end 2_permissions_RHEL.sh>
# <snippet-end 2_permissions_RHEL8.sh>
```
### 6/ Create database and user
@ -434,7 +416,7 @@ permissions_RHEL8 () {
## 6.01/ Set database to listen on localhost only
```bash
# <snippet-begin 1_prepareDB_RHEL.sh>
prepareDB_RHEL8 () {
prepareDB_RHEL () {
# Enable, start and secure your mysql database server
sudo systemctl enable --now mariadb.service
echo [mysqld] |sudo tee /etc/my.cnf.d/bind-address.cnf
@ -476,7 +458,7 @@ prepareDB_RHEL8 () {
If it is disabled, you can ignore the **chcon/setsebool/semanage/checkmodule/semodule*** commands.
```bash
# <snippet-begin 1_apacheConfig_RHEL.sh>
# <snippet-begin 1_apacheConfig_RHEL8.sh>
apacheConfig_RHEL8 () {
# Now configure your apache server with the DocumentRoot $PATH_TO_MISP/app/webroot/
# A sample vhost can be found in $PATH_TO_MISP/INSTALL/apache.misp.centos7
@ -525,7 +507,7 @@ apacheConfig_RHEL8 () {
sudo chcon -R -t httpd_sys_rw_content_t $PATH_TO_MISP/app/webroot/img/custom
sudo chcon -R -t httpd_sys_rw_content_t $PATH_TO_MISP/app/files/scripts/mispzmq
}
# <snippet-end 1_apacheConfig_RHEL.sh>
# <snippet-end 1_apacheConfig_RHEL8.sh>
```
!!! warning

54
docs/INSTALL.ubuntu1804.md
View File

@ -1,28 +1,14 @@
# INSTALLATION INSTRUCTIONS
## for Ubuntu 18.04.5-server
### -1/ Installer and Manual install instructions
{!generic/manual-install-notes.md!}
Make sure you are reading the parsed version of this Document. When in doubt [click here](https://misp.github.io/MISP/INSTALL.ubuntu1804/).
To install MISP on a *fresh* Ubuntu 18.04, all you need to do is the following:
```bash
# Please check the installer options first to make the best choice for your install
wget -O /tmp/INSTALL.sh https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.sh
bash /tmp/INSTALL.sh
# This will install MISP Core
wget -O /tmp/INSTALL.sh https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.sh
bash /tmp/INSTALL.sh -c
```
### 0/ MISP Ubuntu 18.04-server install - status
-------------------------
!!! notice
Installer tested working by [@SteveClement](https://twitter.com/SteveClement) on 20210324 (works with **Ubuntu 19.04/20.04/21.04** too)
{!generic/manual-install-notes.md!}
Installer tested working by [@SteveClement](https://twitter.com/SteveClement) on 20210401 (works with **Ubuntu 19.04/20.04/21.04** too)
!!! notice
If the next line is `[!generic/core.md!]()` [click here](https://misp.github.io/MISP/INSTALL.ubuntu1804/).
@ -98,21 +84,31 @@ installCoreDeps () {
}
# <snippet-end 0_installCoreDeps.sh>
# <snippet-begin 0_installDepsPhp72.sh>
# Install Php 7.2 dependencies
installDepsPhp72 () {
debug "Installing PHP 7.2 dependencies"
PHP_ETC_BASE=/etc/php/7.2
# <snippet-begin 0_upgradePhp74.sh>
upgradeToPHP74 () {
sudo apt install software-properties-common -qy
sudo add-apt-repository ppa:ondrej/php -y
sudo apt update
sudo apt dist-upgrade -y
}
# <snippet-end 0_upgradePhp74.sh>
# <snippet-begin 0_installDepsPhp74.sh>
# Install Php 7.4 dependencies
installDepsPhp74 () {
debug "Installing PHP 7.4 dependencies"
PHP_ETC_BASE=/etc/php/7.4
PHP_INI=${PHP_ETC_BASE}/apache2/php.ini
checkAptLock
sudo apt install -qy \
libapache2-mod-php \
php php-cli \
php-dev \
php-json php-xml php-mysql php7.2-opcache php-readline php-mbstring php-zip \
php-redis php-gnupg \
php-intl php-bcmath \
php-gd
libapache2-mod-php7.4 \
php7.4 php7.4-cli \
php7.4-dev \
php7.4-json php7.4-xml php7.4-mysql php7.4-opcache php7.4-readline php7.4-mbstring php7.4-zip \
php7.4-redis php7.4-gnupg \
php7.4-intl php7.4-bcmath \
php7.4-gd
for key in upload_max_filesize post_max_size max_execution_time max_input_time memory_limit
do
@ -121,7 +117,7 @@ installDepsPhp72 () {
sudo sed -i "s/^\(session.sid_length\).*/\1 = $(eval echo \${session0sid_length})/" $PHP_INI
sudo sed -i "s/^\(session.use_strict_mode\).*/\1 = $(eval echo \${session0use_strict_mode})/" $PHP_INI
}
# <snippet-end 0_installDepsPhp72.sh>
# <snippet-end 0_installDepsPhp74.sh>
```
### 3/ MISP code

32
docs/INSTALL.ubuntu2004.md
View File

@ -1,28 +1,16 @@
# INSTALLATION INSTRUCTIONS
## for Ubuntu 20.04.2.0-server
{!generic/manual-install-notes.md!}
### -1/ Installer and Manual install instructions
Make sure you are reading the parsed version of this Document. When in doubt [click here](https://misp.github.io/MISP/INSTALL.ubuntu2004/).
To install MISP on a *fresh* Ubuntu 20.04, all you need to do is the following:
```bash
# Please check the installer options first to make the best choice for your install
wget -O /tmp/INSTALL.sh https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.sh
bash /tmp/INSTALL.sh
# This will install MISP Core
wget -O /tmp/INSTALL.sh https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.sh
bash /tmp/INSTALL.sh -c
```
### 0/ MISP Ubuntu 20.04-server install - status
-------------------------
!!! notice
Installer tested working by [@SteveClement](https://twitter.com/SteveClement) on 20210331
{!generic/manual-install-notes.md!}
Installer tested working by [@SteveClement](https://twitter.com/SteveClement) on 20210401 (works with **Ubuntu 19.04/20.04/21.04** too)
!!! notice
If the next line is `[!generic/core.md!]()` [click here](https://misp.github.io/MISP/INSTALL.ubuntu2004/).
@ -106,13 +94,13 @@ installDepsPhp74 () {
PHP_INI=${PHP_ETC_BASE}/apache2/php.ini
checkAptLock
sudo apt install -qy \
libapache2-mod-php \
php php-cli \
php-dev \
php-json php-xml php-mysql php7.4-opcache php-readline php-mbstring php-zip \
php-redis php-gnupg \
php-intl php-bcmath \
php-gd
libapache2-mod-php7.4 \
php7.4 php7.4-cli \
php7.4-dev \
php7.4-json php7.4-xml php7.4-mysql php7.4-opcache php7.4-readline php7.4-mbstring php7.4-zip \
php7.4-redis php7.4-gnupg \
php7.4-intl php7.4-bcmath \
php7.4-gd
for key in upload_max_filesize post_max_size max_execution_time max_input_time memory_limit
do

307
docs/generic/MISP_CAKE_init.md
View File

@ -2,137 +2,138 @@
```bash
# <snippet-begin 2_core-cake.sh>
# Core cake commands to tweak MISP and aleviate some of the configuration pains
# The $RUN_PHP is ONLY set on RHEL/CentOS installs and can thus be ignored
# The ${RUN_PHP} is ONLY set on RHEL/CentOS installs and can thus be ignored
# This file is NOT an excuse to NOT read the settings and familiarize ourselves with them ;)
coreCAKE () {
debug "Running core Cake commands to set sane defaults for ${LBLUE}MISP${NC}"
# IF you have logged in prior to running this, it will fail but the fail is NON-blocking
$SUDO_WWW $RUN_PHP -- $CAKE userInit -q
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} userInit -q
# This makes sure all Database upgrades are done, without logging in.
$SUDO_WWW $RUN_PHP -- $CAKE Admin runUpdates
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin runUpdates
# The default install is Python >=3.6 in a virtualenv, setting accordingly
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.python_bin" "${PATH_TO_MISP}/venv/bin/python"
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "MISP.python_bin" "${PATH_TO_MISP}/venv/bin/python"
# Set default role
# TESTME: The following seem defunct, please test.
# $SUDO_WWW $RUN_PHP -- $CAKE setDefaultRole 3
# ${SUDO_WWW} ${RUN_PHP} -- ${CAKE} setDefaultRole 3
# Tune global time outs
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Session.autoRegenerate" 0
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Session.timeout" 600
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Session.cookieTimeout" 3600
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Session.autoRegenerate" 0
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Session.timeout" 600
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Session.cookieTimeout" 3600
# Change base url, either with this CLI command or in the UI
[[ ! -z ${MISP_BASEURL} ]] && $SUDO_WWW $RUN_PHP -- $CAKE Baseurl $MISP_BASEURL
[[ ! -z ${MISP_BASEURL} ]] && ${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Baseurl $MISP_BASEURL
# example: 'baseurl' => 'https://<your.FQDN.here>',
# alternatively, you can leave this field empty if you would like to use relative pathing in MISP
# 'baseurl' => '',
# The base url of the application (in the format https://www.mymispinstance.com) as visible externally/by other MISPs.
# MISP will encode this URL in sharing groups when including itself. If this value is not set, the baseurl is used as a fallback.
[[ ! -z ${MISP_BASEURL} ]] && $SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.external_baseurl" $MISP_BASEURL
[[ ! -z ${MISP_BASEURL} ]] && ${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "MISP.external_baseurl" ${MISP_BASEURL}
# Enable GnuPG
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "GnuPG.email" "$GPG_EMAIL_ADDRESS"
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "GnuPG.homedir" "$PATH_TO_MISP/.gnupg"
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "GnuPG.password" "$GPG_PASSPHRASE"
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "GnuPG.obscure_subject" true
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "GnuPG.email" "${GPG_EMAIL_ADDRESS}"
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "GnuPG.homedir" "${PATH_TO_MISP}/.gnupg"
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "GnuPG.password" "${GPG_PASSPHRASE}"
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "GnuPG.obscure_subject" true
# FIXME: what if we have not gpg binary but a gpg2 one?
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "GnuPG.binary" "$(which gpg)"
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "GnuPG.binary" "$(which gpg)"
# Enable installer org and tune some configurables
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.host_org_id" 1
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.email" "info@admin.test"
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.disable_emailing" true
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.contact" "info@admin.test"
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.disablerestalert" true
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.showCorrelationsOnIndex" true
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.default_event_tag_collection" 0
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "MISP.host_org_id" 1
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "MISP.email" "info@admin.test"
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "MISP.disable_emailing" true
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "MISP.contact" "info@admin.test"
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "MISP.disablerestalert" true
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "MISP.showCorrelationsOnIndex" true
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "MISP.default_event_tag_collection" 0
# Provisional Cortex tunes
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Plugin.Cortex_services_enable" false
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Plugin.Cortex_services_url" "http://127.0.0.1"
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Plugin.Cortex_services_port" 9000
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Plugin.Cortex_timeout" 120
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Plugin.Cortex_authkey" ""
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Plugin.Cortex_ssl_verify_peer" false
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Plugin.Cortex_ssl_verify_host" false
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Plugin.Cortex_ssl_allow_self_signed" true
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Cortex_services_enable" false
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Cortex_services_url" "http://127.0.0.1"
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Cortex_services_port" 9000
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Cortex_timeout" 120
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Cortex_authkey" ""
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Cortex_ssl_verify_peer" false
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Cortex_ssl_verify_host" false
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Cortex_ssl_allow_self_signed" true
# Various plugin sightings settings
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Plugin.Sightings_policy" 0
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Plugin.Sightings_anonymise" false
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Plugin.Sightings_anonymise_as" 1
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Plugin.Sightings_range" 365
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Plugin.Sightings_sighting_db_enable" false
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Sightings_policy" 0
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Sightings_anonymise" false
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Sightings_anonymise_as" 1
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Sightings_range" 365
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Sightings_sighting_db_enable" false
# TODO: Fix the below list
# Set API_Required modules to false
for PLUG in $(echo "Plugin.Enrichment_cuckoo_submit_enabled
Plugin.Enrichment_vmray_submit_enabled
Plugin.Enrichment_circl_passivedns_enabled
Plugin.Enrichment_circl_passivessl_enabled
Plugin.Enrichment_domaintools_enabled
Plugin.Enrichment_eupi_enabled
Plugin.Enrichment_farsight_passivedns_enabled
Plugin.Enrichment_passivetotal_enabled
Plugin.Enrichment_passivetotal_enabled
Plugin.Enrichment_virustotal_enabled
Plugin.Enrichment_whois_enabled
Plugin.Enrichment_shodan_enabled
Plugin.Enrichment_geoip_asn_enabled
Plugin.Enrichment_geoip_city_enabled
Plugin.Enrichment_geoip_country_enabled
Plugin.Enrichment_iprep_enabled
Plugin.Enrichment_otx_enabled
Plugin.Enrichment_vulndb_enabled
Plugin.Enrichment_crowdstrike_falcon_enabled
Plugin.Enrichment_onyphe_enabled
Plugin.Enrichment_xforceexchange_enabled
Plugin.Enrichment_vulners_enabled
Plugin.Enrichment_macaddress_io_enabled
Plugin.Enrichment_intel471_enabled
Plugin.Enrichment_backscatter_io_enabled
Plugin.Enrichment_hibp_enabled
Plugin.Enrichment_greynoise_enabled
Plugin.Enrichment_joesandbox_submit_enabled
Plugin.Enrichment_virustotal_public_enabled
Plugin.Enrichment_apiosintds_enabled
Plugin.Enrichment_urlscan_enabled
Plugin.Enrichment_securitytrails_enabled
Plugin.Enrichment_apivoid_enabled
Plugin.Enrichment_assemblyline_submit_enabled
Plugin.Enrichment_assemblyline_query_enabled
Plugin.Enrichment_ransomcoindb_enabled
Plugin.Enrichment_lastline_query_enabled
Plugin.Enrichment_sophoslabs_intelix_enabled
Plugin.Enrichment_cytomic_orion_enabled
Plugin.Enrichment_censys_enrich_enabled
Plugin.Enrichment_trustar_enrich_enabled
Plugin.Enrichment_recordedfuture_enabled
Plugin.ElasticSearch_logging_enable
Plugin.S3_enable"); do
PLUGS=(Plugin.Enrichment_cuckoo_submit_enabled
Plugin.Enrichment_vmray_submit_enabled
Plugin.Enrichment_circl_passivedns_enabled
Plugin.Enrichment_circl_passivessl_enabled
Plugin.Enrichment_domaintools_enabled
Plugin.Enrichment_eupi_enabled
Plugin.Enrichment_farsight_passivedns_enabled
Plugin.Enrichment_passivetotal_enabled
Plugin.Enrichment_passivetotal_enabled
Plugin.Enrichment_virustotal_enabled
Plugin.Enrichment_whois_enabled
Plugin.Enrichment_shodan_enabled
Plugin.Enrichment_geoip_asn_enabled
Plugin.Enrichment_geoip_city_enabled
Plugin.Enrichment_geoip_country_enabled
Plugin.Enrichment_iprep_enabled
Plugin.Enrichment_otx_enabled
Plugin.Enrichment_vulndb_enabled
Plugin.Enrichment_crowdstrike_falcon_enabled
Plugin.Enrichment_onyphe_enabled
Plugin.Enrichment_xforceexchange_enabled
Plugin.Enrichment_vulners_enabled
Plugin.Enrichment_macaddress_io_enabled
Plugin.Enrichment_intel471_enabled
Plugin.Enrichment_backscatter_io_enabled
Plugin.Enrichment_hibp_enabled
Plugin.Enrichment_greynoise_enabled
Plugin.Enrichment_joesandbox_submit_enabled
Plugin.Enrichment_virustotal_public_enabled
Plugin.Enrichment_apiosintds_enabled
Plugin.Enrichment_urlscan_enabled
Plugin.Enrichment_securitytrails_enabled
Plugin.Enrichment_apivoid_enabled
Plugin.Enrichment_assemblyline_submit_enabled
Plugin.Enrichment_assemblyline_query_enabled
Plugin.Enrichment_ransomcoindb_enabled
Plugin.Enrichment_lastline_query_enabled
Plugin.Enrichment_sophoslabs_intelix_enabled
Plugin.Enrichment_cytomic_orion_enabled
Plugin.Enrichment_censys_enrich_enabled
Plugin.Enrichment_trustar_enrich_enabled
Plugin.Enrichment_recordedfuture_enabled
Plugin.ElasticSearch_logging_enable
Plugin.S3_enable)
for PLUG in "${PLUGS[@]}"; do
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting ${PLUG} false
done
# Plugin CustomAuth tuneable
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Plugin.CustomAuth_disable_logout" false
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.CustomAuth_disable_logout" false
# RPZ Plugin settings
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Plugin.RPZ_policy" "DROP"
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Plugin.RPZ_walled_garden" "127.0.0.1"
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Plugin.RPZ_serial" "\$date00"
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Plugin.RPZ_refresh" "2h"
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Plugin.RPZ_retry" "30m"
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Plugin.RPZ_expiry" "30d"
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Plugin.RPZ_minimum_ttl" "1h"
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Plugin.RPZ_ttl" "1w"
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Plugin.RPZ_ns" "localhost."
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Plugin.RPZ_ns_alt" ""
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Plugin.RPZ_email" "root.localhost"
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.RPZ_policy" "DROP"
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.RPZ_walled_garden" "127.0.0.1"
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.RPZ_serial" "\$date00"
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.RPZ_refresh" "2h"
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.RPZ_retry" "30m"
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.RPZ_expiry" "30d"
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.RPZ_minimum_ttl" "1h"
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.RPZ_ttl" "1w"
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.RPZ_ns" "localhost."
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.RPZ_ns_alt" ""
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.RPZ_email" "root.localhost"
# Kafka settings
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.Kafka_enable" false
@ -181,98 +182,98 @@ coreCAKE () {
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Plugin.ZeroMQ_tag_notifications_enable" false
# Force defaults to make MISP Server Settings less RED
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.language" "eng"
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.proposals_block_attributes" false
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "MISP.language" "eng"
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "MISP.proposals_block_attributes" false
# Redis block
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.redis_host" "127.0.0.1"
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.redis_port" 6379
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.redis_database" 13
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.redis_password" ""
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "MISP.redis_host" "127.0.0.1"
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "MISP.redis_port" 6379
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "MISP.redis_database" 13
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "MISP.redis_password" ""
# Force defaults to make MISP Server Settings less YELLOW
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.ssdeep_correlation_threshold" 40
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.extended_alert_subject" false
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.default_event_threat_level" 4
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.newUserText" "Dear new MISP user,\\n\\nWe would hereby like to welcome you to the \$org MISP community.\\n\\n Use the credentials below to log into MISP at \$misp, where you will be prompted to manually change your password to something of your own choice.\\n\\nUsername: \$username\\nPassword: \$password\\n\\nIf you have any questions, don't hesitate to contact us at: \$contact.\\n\\nBest regards,\\nYour \$org MISP support team"
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.passwordResetText" "Dear MISP user,\\n\\nA password reset has been triggered for your account. Use the below provided temporary password to log into MISP at \$misp, where you will be prompted to manually change your password to something of your own choice.\\n\\nUsername: \$username\\nYour temporary password: \$password\\n\\nIf you have any questions, don't hesitate to contact us at: \$contact.\\n\\nBest regards,\\nYour \$org MISP support team"
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.enableEventBlocklisting" true
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.enableOrgBlocklisting" true
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.log_client_ip" true
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.log_auth" false
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.log_user_ips" true
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.log_user_ips_authkeys" true
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.disableUserSelfManagement" false
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.disable_user_login_change" false
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.disable_user_password_change" false
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.disable_user_add" false
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.block_event_alert" false
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.block_event_alert_tag" "no-alerts=\"true\""
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.block_old_event_alert" false
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.block_old_event_alert_age" ""
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.block_old_event_alert_by_date" ""
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.incoming_tags_disabled_by_default" false
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.maintenance_message" "Great things are happening! MISP is undergoing maintenance, but will return shortly. You can contact the administration at \$email."
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.footermidleft" "This is an initial install"
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.footermidright" "Please configure and harden accordingly"
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.welcome_text_top" "Initial Install, please configure"
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "MISP.ssdeep_correlation_threshold" 40
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "MISP.extended_alert_subject" false
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "MISP.default_event_threat_level" 4
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "MISP.newUserText" "Dear new MISP user,\\n\\nWe would hereby like to welcome you to the \$org MISP community.\\n\\n Use the credentials below to log into MISP at \$misp, where you will be prompted to manually change your password to something of your own choice.\\n\\nUsername: \$username\\nPassword: \$password\\n\\nIf you have any questions, don't hesitate to contact us at: \$contact.\\n\\nBest regards,\\nYour \$org MISP support team"
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "MISP.passwordResetText" "Dear MISP user,\\n\\nA password reset has been triggered for your account. Use the below provided temporary password to log into MISP at \$misp, where you will be prompted to manually change your password to something of your own choice.\\n\\nUsername: \$username\\nYour temporary password: \$password\\n\\nIf you have any questions, don't hesitate to contact us at: \$contact.\\n\\nBest regards,\\nYour \$org MISP support team"
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "MISP.enableEventBlocklisting" true
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "MISP.enableOrgBlocklisting" true
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "MISP.log_client_ip" true
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "MISP.log_auth" false
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "MISP.log_user_ips" true
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "MISP.log_user_ips_authkeys" true
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "MISP.disableUserSelfManagement" false
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "MISP.disable_user_login_change" false
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "MISP.disable_user_password_change" false
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "MISP.disable_user_add" false
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "MISP.block_event_alert" false
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "MISP.block_event_alert_tag" "no-alerts=\"true\""
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "MISP.block_old_event_alert" false
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "MISP.block_old_event_alert_age" ""
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "MISP.block_old_event_alert_by_date" ""
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "MISP.incoming_tags_disabled_by_default" false
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "MISP.maintenance_message" "Great things are happening! MISP is undergoing maintenance, but will return shortly. You can contact the administration at \$email."
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "MISP.footermidleft" "This is an initial install"
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "MISP.footermidright" "Please configure and harden accordingly"
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "MISP.welcome_text_top" "Initial Install, please configure"
# TODO: Make sure $FLAVOUR is correct
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.welcome_text_bottom" "Welcome to MISP on $FLAVOUR, change this message in MISP Settings"
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.attachments_dir" "$PATH_TO_MISP/app/files"
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.download_attachments_on_load" true
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.event_alert_metadata_only" false
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.title_text" "MISP"
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.terms_download" false
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.showorgalternate" false
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "MISP.event_view_filter_fields" "id, uuid, value, comment, type, category, Tag.name"
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "MISP.welcome_text_bottom" "Welcome to MISP on ${FLAVOUR}, change this message in MISP Settings"
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "MISP.attachments_dir" "${PATH_TO_MISP}/app/files"
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "MISP.download_attachments_on_load" true
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "MISP.event_alert_metadata_only" false
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "MISP.title_text" "MISP"
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "MISP.terms_download" false
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "MISP.showorgalternate" false
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "MISP.event_view_filter_fields" "id, uuid, value, comment, type, category, Tag.name"
# Force defaults to make MISP Server Settings less GREEN
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "debug" 0
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Security.auth_enforced" false
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Security.log_each_individual_auth_fail" false
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Security.rest_client_baseurl" ""
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Security.advanced_authkeys" false
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Security.password_policy_length" 12
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Security.password_policy_complexity" '/^((?=.*\d)|(?=.*\W+))(?![\n])(?=.*[A-Z])(?=.*[a-z]).*$|.{16,}/'
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Security.self_registration_message" "If you would like to send us a registration request, please fill out the form below. Make sure you fill out as much information as possible in order to ease the task of the administrators."
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "debug" 0
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Security.auth_enforced" false
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Security.log_each_individual_auth_fail" false
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Security.rest_client_baseurl" ""
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Security.advanced_authkeys" false
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Security.password_policy_length" 12
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Security.password_policy_complexity" '/^((?=.*\d)|(?=.*\W+))(?![\n])(?=.*[A-Z])(?=.*[a-z]).*$|.{16,}/'
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Security.self_registration_message" "If you would like to send us a registration request, please fill out the form below. Make sure you fill out as much information as possible in order to ease the task of the administrators."
# Appease the security audit, #hardening
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Security.disable_browser_cache" true
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Security.check_sec_fetch_site_header" true
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Security.csp_enforce" true
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Security.advanced_authkeys" true
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Security.do_not_log_authkeys" true
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Security.disable_browser_cache" true
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Security.check_sec_fetch_site_header" true
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Security.csp_enforce" true
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Security.advanced_authkeys" true
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Security.do_not_log_authkeys" true
# Appease the security audit, #loggin
$SUDO_WWW $RUN_PHP -- $CAKE Admin setSetting "Security.username_in_response_header" true
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin setSetting "Security.username_in_response_header" true
# It is possible to updateMISP too, only here for reference how to to that on the CLI.
## $SUDO_WWW $RUN_PHP -- $CAKE Admin updateMISP
## ${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin updateMISP
# Set MISP Live
$SUDO_WWW $RUN_PHP -- $CAKE Live $MISP_LIVE
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Live ${MISP_LIVE}
}
# This updates Galaxies, ObjectTemplates, Warninglists, Noticelists, Templates
updateGOWNT () {
# AUTH_KEY Place holder in case we need to **curl** somehing in the future
#
$SUDO_WWW $RUN_MYSQL -- mysql -h $DBHOST -u $DBUSER_MISP -p$DBPASSWORD_MISP misp -e "SELECT authkey FROM users;" | tail -1 > /tmp/auth.key
${SUDO_WWW} ${RUN_MYSQL} -- mysql -h ${DBHOST} -u ${DBUSER_MISP} -p${DBPASSWORD_MISP} misp -e "SELECT authkey FROM users;" | tail -1 > /tmp/auth.key
AUTH_KEY=$(cat /tmp/auth.key)
rm /tmp/auth.key
debug "Updating Galaxies, ObjectTemplates, Warninglists, Noticelists and Templates"
# Update the galaxies…
# TODO: Fix updateGalaxies
$SUDO_WWW $RUN_PHP -- $CAKE Admin updateGalaxies
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin updateGalaxies
# Updating the taxonomies…
$SUDO_WWW $RUN_PHP -- $CAKE Admin updateTaxonomies
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin updateTaxonomies
# Updating the warning lists…
$SUDO_WWW $RUN_PHP -- $CAKE Admin updateWarningLists
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin updateWarningLists
# Updating the notice lists…
$SUDO_WWW $RUN_PHP -- $CAKE Admin updateNoticeLists
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin updateNoticeLists
# Updating the object templates…
$SUDO_WWW $RUN_PHP -- $CAKE Admin updateObjectTemplates "1337"
${SUDO_WWW} ${RUN_PHP} -- ${CAKE} Admin updateObjectTemplates "1337"
}
# <snippet-end 2_core-cake.sh>
```

25
docs/generic/mail_to_misp-debian.md
View File

@ -8,30 +8,29 @@ mail2misp () {
debug "Installing Mail2${LBLUE}MISP${NC}"
cd /usr/local/src/
sudo apt-get install cmake libcaca-dev liblua5.3-dev -y
false; while [[ $? -ne 0 ]]; do $SUDO_CMD git clone https://github.com/MISP/mail_to_misp.git; done
false; while [[ $? -ne 0 ]]; do ${SUDO_CMD} git clone https://github.com/MISP/mail_to_misp.git; done
## TODO: The below fails miserably (obviously) if faup/gtcac dirs exist, let's just make the dangerous assumption (for the sake of the installer, that they exist)
##[[ ! -d "faup" ]] && false; while [[ $? -ne 0 ]]; do $SUDO_CMD git clone https://github.com/stricaud/faup.git faup; done
##[[ ! -d "gtcaca" ]] && false; while [[ $? -ne 0 ]]; do $SUDO_CMD git clone https://github.com/stricaud/gtcaca.git gtcaca; done
##[[ ! -d "faup" ]] && false; while [[ $? -ne 0 ]]; do ${SUDO_CMD} git clone https://github.com/stricaud/faup.git faup; done
##[[ ! -d "gtcaca" ]] && false; while [[ $? -ne 0 ]]; do ${SUDO_CMD} git clone https://github.com/stricaud/gtcaca.git gtcaca; done
sudo chown -R ${MISP_USER}:${MISP_USER} faup mail_to_misp gtcaca
cd gtcaca
$SUDO_CMD mkdir -p build
${SUDO_CMD} mkdir -p build
cd build
$SUDO_CMD cmake .. && $SUDO_CMD make
${SUDO_CMD} cmake .. && ${SUDO_CMD} make
sudo make install
cd ../../faup
$SUDO_CMD mkdir -p build
${SUDO_CMD} mkdir -p build
cd build
$SUDO_CMD cmake .. && $SUDO_CMD make
${SUDO_CMD} cmake .. && ${SUDO_CMD} make
sudo make install
sudo ldconfig
cd ../../mail_to_misp
$SUDO_CMD virtualenv -p python3 venv
$SUDO_CMD ./venv/bin/pip install lief
$SUDO_CMD ./venv/bin/pip install -r requirements.txt
$SUDO_CMD cp mail_to_misp_config.py-example mail_to_misp_config.py
${SUDO_CMD} virtualenv -p python3 venv
${SUDO_CMD} ./venv/bin/pip install -r requirements.txt
${SUDO_CMD} cp mail_to_misp_config.py-example mail_to_misp_config.py
##$SUDO cp mail_to_misp_config.py-example mail_to_misp_config.py
$SUDO_CMD sed -i "s/^misp_url\ =\ 'YOUR_MISP_URL'/misp_url\ =\ 'https:\/\/localhost'/g" /usr/local/src/mail_to_misp/mail_to_misp_config.py
$SUDO_CMD sed -i "s/^misp_key\ =\ 'YOUR_KEY_HERE'/misp_key\ =\ '${AUTH_KEY}'/g" /usr/local/src/mail_to_misp/mail_to_misp_config.py
${SUDO_CMD} sed -i "s/^misp_url\ =\ 'YOUR_MISP_URL'/misp_url\ =\ 'https:\/\/localhost'/g" /usr/local/src/mail_to_misp/mail_to_misp_config.py
${SUDO_CMD} sed -i "s/^misp_key\ =\ 'YOUR_KEY_HERE'/misp_key\ =\ '${AUTH_KEY}'/g" /usr/local/src/mail_to_misp/mail_to_misp_config.py
}
# <snippet-end 5_mail_to_misp.sh>
```

18
docs/generic/manual-install-notes.md
View File

@ -1,3 +1,21 @@
!!! notice
This document also serves as a source for the [INSTALL-misp.sh](https://github.com/MISP/MISP/blob/2.4/INSTALL/INSTALL.sh) script.
Which explains why you will see the use of shell *functions* in various steps.
You will see bash-*functions* in various steps. You can either copy between the *{}*'s or copy the entire function and just run it.
Henceforth the document will also follow a more logical flow. In the sense that all the dependencies are installed first then config files are generated, etc...
### -1/ Installer and Manual install instructions
To install MISP all you need to do is the following on a clean [supported](https://misp.github.io/MISP/) distribution.
!!! notice
```bash
# Please check the installer options first to make the best choice for your install
wget -O /tmp/INSTALL.sh https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.sh
bash /tmp/INSTALL.sh
# This will install MISP Core
wget -O /tmp/INSTALL.sh https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.sh
bash /tmp/INSTALL.sh -c
```

10
docs/generic/misp-dashboard-centos.md
View File

@ -11,20 +11,20 @@
# <snippet-begin 4_misp-dashboardRHEL.sh>
# Main MISP Dashboard install function
mispDashboard () {
sudo yum install wget screen -y
sudo dnf install wget screen -y
sudo mkdir /var/www/misp-dashboard
sudo chown $WWW_USER:$WWW_USER /var/www/misp-dashboard
false; while [[ $? -ne 0 ]]; do $SUDO_WWW git clone https://github.com/MISP/misp-dashboard.git /var/www/misp-dashboard; done
sudo chown ${WWW_USER}:${WWW_USER} /var/www/misp-dashboard
false; while [[ $? -ne 0 ]]; do ${SUDO_WWW} git clone https://github.com/MISP/misp-dashboard.git /var/www/misp-dashboard; done
cd /var/www/misp-dashboard
sudo sed -i -E 's/sudo apt/#sudo apt/' install_dependencies.sh
sudo -H /var/www/misp-dashboard/install_dependencies.sh
sudo sed -i "s/^host\ =\ localhost/host\ =\ 0.0.0.0/g" /var/www/misp-dashboard/config/config.cfg
sudo sed -i '/Listen 80/a Listen 0.0.0.0:8001' /etc/httpd/conf/httpd.conf
# TODO: Check if this works on 7.x
[[ "${DIST_VER}" =~ ^[7].* ]] && sudo yum install rh-python36-mod_wsgi -y
[[ "${DIST_VER}" =~ ^[7].* ]] && sudo dnf install rh-python36-mod_wsgi -y
[[ "${DIST_VER}" =~ ^[7].* ]] && sudo cp /opt/rh/httpd24/root/usr/lib64/httpd/modules/mod_rh-python36-wsgi.so /etc/httpd/modules/
[[ "${DIST_VER}" =~ ^[7].* ]] && sudo cp /opt/rh/httpd24/root/etc/httpd/conf.modules.d/10-rh-python36-wsgi.conf /etc/httpd/conf.modules.d/
([[ "${DISTRI}" == "fedora33" ]] || [[ "${DIST_VER}" =~ ^[8].* ]]) && sudo yum install python3-mod_wsgi -y
([[ "${DISTRI}" == "fedora33" ]] || [[ "${DIST_VER}" =~ ^[8].* ]]) && sudo dnf install python3-mod_wsgi -y
echo "<VirtualHost *:8001>
ServerAdmin admin@misp.local

8
docs/generic/misp-modules-centos.md
View File

@ -4,10 +4,10 @@
# <snippet-begin 3_misp-modules_RHEL.sh>
mispmodulesRHEL () {
# some misp-modules dependencies for RHEL<8
[[ "${DIST_VER}" =~ ^[7].* ]] && sudo yum install openjpeg-devel gcc-c++ poppler-cpp-devel pkgconfig python3-devel redhat-rpm-config -y
[[ "${DIST_VER}" =~ ^[7].* ]] && sudo dnf install openjpeg-devel gcc-c++ poppler-cpp-devel pkgconfig python3-devel redhat-rpm-config -y
# some misp-modules dependencies for RHEL8
([[ "${DISTRI}" == "fedora33" ]] || [[ "${DIST_VER}" =~ ^[8].* ]]) && sudo yum install openjpeg2-devel gcc-c++ poppler-cpp-devel pkgconfig python3-devel redhat-rpm-config -y
([[ "${DISTRI}" == "fedora33" ]] || [[ "${DIST_VER}" =~ ^[8].* ]]) && sudo dnf install openjpeg2-devel gcc-c++ poppler-cpp-devel pkgconfig python3-devel redhat-rpm-config -y
sudo chmod 2777 /usr/local/src
sudo chown root:users /usr/local/src
@ -19,9 +19,9 @@ mispmodulesRHEL () {
${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install -U .
${SUDO_WWW} ${PATH_TO_MISP}/venv/bin/pip install pyfaup censys
# some misp-modules dependencies for RHEL<8
([[ "${DISTRI}" == "fedora33" ]] || [[ "${DIST_VER}" =~ ^[7].* ]]) && sudo yum install rubygem-rouge rubygem-asciidoctor zbar-devel opencv-devel -y
([[ "${DISTRI}" == "fedora33" ]] || [[ "${DIST_VER}" =~ ^[7].* ]]) && sudo dnf install rubygem-rouge rubygem-asciidoctor zbar-devel opencv-devel -y
# some misp-modules dependencies for RHEL8
[[ "${DIST_VER}" =~ ^[8].* ]] && sudo dnf install https://packages.endpoint.com/rhel/8/main/x86_64/endpoint-repo-8-1.ep8.noarch.rpm -y && sudo yum install zbar-devel opencv-devel -y
[[ "${DIST_VER}" =~ ^[8].* ]] && sudo dnf install https://packages.endpoint.com/rhel/8/main/x86_64/endpoint-repo-8-1.ep8.noarch.rpm -y && sudo dnf install zbar-devel opencv-devel -y
echo "[Unit]
Description=MISP modules

26
docs/generic/supportFunctions.md
View File

@ -979,6 +979,30 @@ theEnd () {
sudo su - ${MISP_USER}
fi
}
## End Function Section Nothing allowed in .md after this line ##
# <snippet-end 0_support-functions.sh>
# <snippet-begin 0_installDepsPhp72.sh>
# Install Php 7.2 dependencies
installDepsPhp72 () {
debug "Installing PHP 7.2 dependencies"
PHP_ETC_BASE=/etc/php/7.2
PHP_INI=${PHP_ETC_BASE}/apache2/php.ini
checkAptLock
sudo apt install -qy \
libapache2-mod-php \
php php-cli \
php-dev \
php-json php-xml php-mysql php7.2-opcache php-readline php-mbstring php-zip \
php-redis php-gnupg \
php-intl php-bcmath \
php-gd
for key in upload_max_filesize post_max_size max_execution_time max_input_time memory_limit
do
sudo sed -i "s/^\($key\).*/\1 = $(eval echo \${$key})/" $PHP_INI
done
sudo sed -i "s/^\(session.sid_length\).*/\1 = $(eval echo \${session0sid_length})/" $PHP_INI
sudo sed -i "s/^\(session.use_strict_mode\).*/\1 = $(eval echo \${session0use_strict_mode})/" $PHP_INI
}
## End Function Section Nothing allowed in .md after this line ##
# <snippet-end 0_installDepsPhp72.sh>
```

30
tools/misp-wipe/misp-wipe.sh
View File

@ -26,7 +26,7 @@
##
# This makes use of the standard variables used by the installer
eval "$(curl -fsSL https://raw.githubusercontent.com/MISP/MISP/2.4/docs/generic/globalVariables.md | grep -v \`\`\`)"
eval "$(curl -fsSL https://raw.githubusercontent.com/MISP/MISP/2.4/docs/generic/globalVariables.md | awk '/^# <snippet-begin/,0' | grep -v \`\`\`)"
MISPvars > /dev/null 2>&1
LUSER_ID="$(id -u)"
@ -37,14 +37,13 @@ if [[ "${LUSER_ID}" > "0" ]]; then
exit
fi
FILE=./misp-wipe.conf
SQL=./misp-wipe.sql
FILE=${CWD}./misp-wipe.conf
SQL=${CWD}./misp-wipe.sql
# Source configuration file
if [ -f $FILE ];
then
echo "File $FILE exists."
. $FILE
if [[ -f ${FILE} ]]; then
echo "File ${FILE} exists."
. ${FILE}
else
echo "Config File $FILE does not exist. Please enter values manually"
## MySQL stuff
@ -57,18 +56,19 @@ fi
# Fill in any missing values with defaults
# MISP path
# MISP path, abort when not set and autodetect fails
([[ -z ${PATH_TO_MISP} ]] && PTM=$(locate MISP/app/webroot/index.php) ; [[ $(echo ${PTM} |sed 's/\/app\/webroot\/index\.php//'| wc -l) > 1 ]] && echo "More then 1 MISP install found: ${PTM} - abort." && exit -1)
PATH_TO_MISP=${PATH_TO_MISP:-$(locate MISP/app/webroot/index.php|sed 's/\/app\/webroot\/index\.php//')}
# database.php
MySQLUUser=$(grep -o -P "(?<='login' => ').*(?=')" $PATH_TO_MISP/app/Config/database.php)
MySQLUPass=$(grep -o -P "(?<='password' => ').*(?=')" $PATH_TO_MISP/app/Config/database.php)
MISPDB=$(grep -o -P "(?<='database' => ').*(?=')" $PATH_TO_MISP/app/Config/database.php)
DB_Port=$(grep -o -P "(?<='port' => ).*(?=,)" $PATH_TO_MISP/app/Config/database.php)
MISPDBHost=$(grep -o -P "(?<='host' => ').*(?=')" $PATH_TO_MISP/app/Config/database.php)
MySQLUUser=$(grep -o -P "(?<='login' => ').*(?=')" ${PATH_TO_MISP}/app/Config/database.php)
MySQLUPass=$(grep -o -P "(?<='password' => ').*(?=')" ${PATH_TO_MISP}/app/Config/database.php)
MISPDB=$(grep -o -P "(?<='database' => ').*(?=')" ${PATH_TO_MISP}/app/Config/database.php)
DB_Port=$(grep -o -P "(?<='port' => ).*(?=,)" ${PATH_TO_MISP}/app/Config/database.php)
MISPDBHost=$(grep -o -P "(?<='host' => ').*(?=')" ${PATH_TO_MISP}/app/Config/database.php)
echo "Clearing data model cache files"
rm -f $PATH_TO_MISP/app/tmp/cache/models/myapp_*
rm -f $PATH_TO_MISP/app/tmp/cache/persistent/myapp_*
rm -f ${PATH_TO_MISP}/app/tmp/cache/models/myapp_*
rm -f ${PATH_TO_MISP}/app/tmp/cache/persistent/myapp_*
echo "Wiping MySQL tables"
echo "Removes all users and organizations, except default (id=1)"